[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kernel Security Updates for Sarge

On Sun, May 15, 2005 at 12:15:20PM -0700, Steve Langasek wrote:
> On Sun, May 15, 2005 at 12:38:20PM -0600, dann frazier wrote:
> > On Sat, 2005-05-14 at 11:33 +0900, Horms wrote:
> > > I am not planing to include the CAN-2005-0449 fix in the security or r1
> > > update as I undersdand that ABI changes are highly problematic. I am
> > > willing to be convinced otherwise.
> > Oh, do ABI changes in packages on security.debian.org break d-i as well?
> > I figured it would continue pulling udebs from r0, giving us until r1 to
> > spin d-i.  Is there a problem I'm not seeing?
> I don't know of any reason why they would break d-i; and I also don't think
> that putting off all ABI-breaking security fixes until etch is a very good
> answer anyway.

Joey Hess is the expert here. But I think one problem is that
many of the d-i kernel packages do not have a kernel-tree-x.y.z-n
dependancy. And thus updating kernel-source means those d-i
packages can no longer be reproduced. This could get quite messy
if their is an ABI change... I think... Joey?

In any case, I have no problem with including ABI updates
in security updates (CAN-2005-0449 is clerly a security bug)
or testing-proposed-updates. But I'd like us to aggee that
can be done cleanly - once its in pulling it out is a complete


Attachment: signature.asc
Description: Digital signature

Reply to: